EclecticIQ

Our Ecosystem

An ecosystem supporting our customers' intelligence-led proactive cybersecurity needs with collaborative partner programs delivering world-class joint solutions. 

Partner Program

Partner with EclecticIQ to bring valuable and innovative security solutions and services to end users. Open to all partner types, including technology developers, service providers, resellers, and community.

Our Partnerships

We partner with the world's premier technology and solution providers to support all phases of your cybersecurity needs. Explore all our partners' solutions and offerings to build and extend your cyber defense ecosystem.

EclecticIQ Resources

We are committed to increasing the knowledge and capabilities of the cybersecurity community through our research & analysis efforts and open source projects.

Browse Resources

Learn more about our technology, solutions and services, and stay updated on the cyber threat landscape with our research reports, webinars and other information.

Open Source Projects

We are proud to be an active member in the open source community and to help develop and advance progress of security technology. Learn more about contributions or go directly to our GitHub page.


Creative Ransomware Extortion and Further Malware Capabilities With ChatGPT

This release of the Analyst Prompt provides insight into how macro tactics and techniques in the ransomware landscape are once again shifting and how this changes risk perception. EclecticIQ analysts also provide a prudent update on threat actor opportunities for integrating ChatGPT capabilities for malicious design.

Aleksander W. Jarosz May 9, 2023

tap 8 - 2023

The Blackcat-Western Digital Ransomware Cyberattack Serves a Good Example of How Extortion Techniques Will Change Risk And Impact For Targeted Victims

Threat actors were able to tap into webcams of employees at Western Digital meetings and threatened to release the media they captured. No further indication was given of what the stolen media possibly shows. This latest evolution of ransomware syndicates demonstrates an increased focus on extorting victims through new, creative means that don’t involve any data recovery.

With techniques similar to the Western Digital-Blackcat cyberattack, threat actors are increasingly leveraging victim data in new ways to damage personal or group reputations. This more personal technique will be further explored by new and current major ransomware syndicates, like Blackcat, in new creative ways to maximize pressure on organizations to pay. (1) This technique is likely to see significant adoption among ransomware syndicates because it shifts the risk calculation to victims beyond simply time and money.

The downside of this development for security professionals is that the evolving cyberattacks may become more difficult to predict once the threat actor breaches the network. Security professionals are accustomed to modeling ransomware by focusing on high-value intellectual property as it relates to vital proprietary data. Threat actors may seek out high-value companies less often, and may now instead shift to targeting vulnerable or risk-averse individuals. IT security will not likely be able to anticipate new creative use cases for data (which ransomware syndicates are now hunting) that were not previously considered.

ChatGPT Remains a Limited Opportunity For Threat Actors, But Functionality Will Almost Certainly Expand Over The Next Year  

At RSA 2023, SANS highlighted ChatGPT as an important and increasing risk. ChatGPT could possibly be used to create malware. (2) Large Language Model applications will almost certainly continue to experience iterations in malware development, very likely lowering the bar further for entry-level threat actors to execute advanced cyberattacks.

One recent development noted by EclecticIQ analysts involves a researcher who was able to manipulate ChatGPT into assembling malicious code designed to exfiltrate data from PDF and DOCX files, using steganography to encode and deliver the payload. (3) The resulting malware was of low quality and was detected by at least five AV vendors upon initial tests, but functioned per the researcher’s design.

This latest proof of concept provides stronger evidence of how malicious functionality of ChatGPT might be leveraged by users in the future. Researchers and threat actors will very likely continue to iterate on experiments that provide new malicious functionality using large-language-model-based applications. Malicious functionality, as it exists currently and continues into the short-term future, will remain highly modular. Because of this, malicious functions are likely to remain low-key and underappreciated, since the PoCs thus far fail to create much real impact. The question of whether ChatGPT can be used to write malware will be answered when users learn how to stitch these modular functions together to do more than complete one stage of a cyber Kill-Chain. ChatGPT has demonstrated use in completing one phase of the Kill-Chain. Over the next year, threat actors will likely be able to carry out entire Kill-Chains with the help of ChatGPT, and that point will have many impacts on cybersecurity.

Structured Data

Find the Analyst Prompt and earlier editions in our public TAXII collection for easy use in your security stack: TAXII v1 Discovery services.

Please refer to our support page for guidance on how to access the feeds.

About EclecticIQ Intelligence and Research

EclecticIQ is a global provider of threat intelligence, hunting and response technology and services. Headquartered in Amsterdam, the EclecticIQ Intelligence and Research team is made up of experts from Europe and the U.S. with decades of experience in cyber security and intelligence in industry and government.

We would love to hear from you. Please send us your feedback by emailing us at research@eclecticiq.com or fill in the EclecticIQ Audience Interest Survey to drive our research toward your priority area.

You might also be interested in:

Polish Healthcare Industry Targeted by Vidar Infostealer Likely Linked to Djvu Ransomware

3CX Incident Attributed to North Korea; New LockBit MacOS Sample

Exposed Web Panel Reveals Gamaredon Group's Automated Spear Phishing Campaigns

Appendix

[1] DarkReading, “BlackCat Trolls Western Digital With Leaked Response Meeting Image,” May. 01, 2023. https://www.darkreading.com/remote-workforce/ransomware-group-trolls-western-digital-threat-hunters-/ (accessed May 1, 2023).

[2] DarkReading, “SANS Reveals Top 5 Most Dangerous Cyberattacks for 2023,” Apr. 27, 2023. https://www.darkreading.com/attacks-breaches/sans-lists-top-5-most-dangerous-cyberattacks-in-2023 (accessed May 1, 2023).

[3] Forcepoint, “I built a Zero Day virus with undetectable exfiltration using only ChatGPT prompts,” Apr. 04, 2023. https://www.forcepoint.com/blog/x-labs/zero-day-exfiltration-using-chatgpt-prompts (accessed May 1, 2023). 


 
